1. Field of the Invention
The present invention relates to session management between clients and servers. More particularly, it relates to a session management system and a session management method for the case where a user's access from a client terminal extends over a plurality of servers in stateless communications on the WWW (World Wide Web) etc.
2. Description of the Related Art
Nowadays, various networks connected by the Internet and computers located on the networks have realized a wide-area information system called the "WWW". In the WWW, software called a "WWW browser" is installed in a client computer which makes requests for services, and the WWW browser executes communication processing with WWW servers.
In the case where, on such a WWW, the WWW browser requests the WWW servers to offer the services of the transmission of a desired HTML (Hyper Text Markup Language) file, the search of a database, etc., how to manage sessions becomes a problem. Here, the word "session" signifies communications which proceed while communicating parties are recognizing the opposite parties.
In general, the HTTP (Hyper Text Transfer Protocol), which is a protocol employed for data communications between a WWW browser and a WWW server, is a stateless protocol having no state transition. Therefore, the session between the WWW browser and the WWW server is set when the former requests the latter to transmit a Web page, and it is reset or cut off when the server has transmitted the page.
Further, in a case where a next image has been accessed, another session is set. That is, each time one page is accessed, the previous session is reset, and quite a different session is set. Accordingly, the relevance of the next access to the preceding communications is not retained.
Under such an environment, even processing relevant to the preceding page is determined as a different session. It is therefore impossible to realize transaction processing, for example, a refined search in a database service, in which the exchange between the client terminal and the server is not completed by accessing the same Web site only once.
One method considered for solving the above drawback is to install associated software of a resident type in the WWW server, separately from a CGI (Common Gateway Interface) program of a nonresident type, so as to recognize a session which extends over the image displays of a plurality of pages. In this case, an identifier for managing the session (hereunder termed the "session management identifier") is incorporated into the image data of the respective pages which are to be displayed on the WWW browser, and it is sent to the WWW browser. The associated software verifies the session management identifier which is transmitted from the WWW browser together with a page display request. Thus, an identical session can be held.
With this method, however, both a process for managing the session management identifier and a process for incorporating the session management identifier into the display data of the respective pages to be displayed need to be prepared in individual programs for creating the display data of the respective pages.
Moreover, since the session management identifier is managed in every WWW server, a session which extends over a plurality of WWW servers cannot be managed.
Further, in a case where a membership page on the WWW server is to be accessed, a user needs to input his/her user ID and password because user IDs and passwords are authenticated and managed on the WWW server side. Since, however, the user IDs and the passwords are managed in every individual WWW server, a new access to a page on another WWW server is handled as a different session. Therefore, each time access is moved to another WWW server, an image for inputting the user ID and the password is displayed on the user's WWW browser at the request of the WWW server side, and the user needs to input his/her user ID and password again on each occasion. The input operation is cumbersome to the user.
The present invention has for its object to provide a session management system and management method which realize the management of a session extending over a plurality of servers.
It is the premise of a session management system according to the present invention that a plurality of users, and a plurality of servers of first type for offering services to the users are connected through a network, and that a server of second type is connected with the plurality of servers of first type.
Each of the first type of servers includes a transmission/reception unit and a control unit.
The transmission/reception unit transmits and receives data to and from the plurality of users through the network.
The control unit accepts a request made by the user from the transmission/reception unit, sends information based on the request to the second type of server, and offers the service complying with the user's request if a reply to the information as sent back from the second type of server indicates that the user has been authenticated.
On the other hand, the second type of server includes a session-management-identifier storage unit and an authentication control unit.
The session-management-identifier storage unit stores therein session management identifiers which uniquely identify sessions of the first type of servers with the respective users.
The authentication control unit sends notification indicating that the user has been authenticated, as the reply to the first type of server if the session management identifier contained in the information accepted from the first type of server agrees with any of the session management identifiers stored in the session-management-identifier storage means.
In addition, the authentication control unit sends notification indicating that authentication is necessary, as the reply to the first type of server if the session management identifier is not contained in the request. Then, the control unit of the first type of server requests the user to transmit information for the authentication, if the reply to the request is the notification indicating that the authentication is necessary.
Besides, the second type of server can further include an authentication-information storage unit for storing information for the user authentication therein. In this case, the control unit of the first type of server sends to the second type of server the authenticating information which the user has transmitted in compliance with the request for transmitting the authenticating information. Also, the authentication control unit assigns the session management identifier to the session with the user and stores it in the session-management-identifier storage unit if the authenticating information transmitted from the user agrees with any of the user authenticating information stored in the authentication-information storage unit.
The second type of server can be constructed as a separate server which is independent of the first type of servers. Alternatively, the second type of server can be constructed so as to include all the functions of each of the first type of servers and to operate also as one of the first type of servers.
According to the present invention, an identical session management identifier can be carried about or shared among a plurality of servers. Therefore, even when a user has made requests of the plurality of servers, the respective servers can grasp the requests as an identical session, and session management extending over the plurality of servers can be realized.
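The exchange described above between the first type of servers and the second type of server can be modelled in a few lines of Python. This is an added example, not taken from the patent: the class names, the status strings, the use of a random identifier from the secrets module, and the choice to answer an unknown identifier or a wrong password with "authentication is necessary" are all assumptions.

```python
import hmac
import secrets

class AuthServer:
    """Second type of server: authentication control unit plus its two stores."""
    def __init__(self, credentials):
        self._credentials = dict(credentials)  # constructed sample; a real store holds hashes
        self._sessions = {}                    # session-management-identifier storage unit

    def check(self, session_id):
        # Assumption: a missing identifier and an unknown one get the same reply.
        if session_id is not None and session_id in self._sessions:
            return {"status": "authenticated", "user": self._sessions[session_id]}
        return {"status": "auth_required"}

    def login(self, user_id, password):
        expected = self._credentials.get(user_id, "")
        ok = hmac.compare_digest(expected.encode(), password.encode()) and user_id in self._credentials
        if not ok:
            return {"status": "auth_required"}
        session_id = secrets.token_urlsafe(32)  # assumption: unguessable random identifier
        self._sessions[session_id] = user_id
        return {"status": "authenticated", "user": user_id, "session_id": session_id}

class ServiceServer:
    """First type of server: forwards what the user sent, serves only on success."""
    def __init__(self, name, auth):
        self.name, self._auth = name, auth

    def handle(self, page, session_id=None, user_id=None, password=None):
        if user_id is not None and password is not None:
            reply = self._auth.login(user_id, password)
        else:
            reply = self._auth.check(session_id)
        if reply["status"] != "authenticated":
            return {"status": "auth_required", "body": "send user ID and password"}
        return {"status": "ok", "body": f"{self.name}:{page} for {reply['user']}",
                "session_id": reply.get("session_id", session_id)}

def demo():
    auth = AuthServer({"alice": "correct horse"})  # constructed sample credential
    a, b = ServiceServer("server-A", auth), ServiceServer("server-B", auth)
    first = a.handle("/members")                   # no identifier yet
    login = a.handle("/members", user_id="alice", password="correct horse")
    other = b.handle("/search", session_id=login["session_id"])  # different server, same session
    forged = b.handle("/search", session_id="guessed-value")     # identifier never issued
    return first["status"], login["status"], other["status"], forged["status"]
```

Because every first-type server defers to the same identifier store, the identifier is effectively a bearer credential for all of them, so its unpredictability and its protection in transit matter more than in the per-server scheme.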